Please Note: This blog post was adapted from a previous UAG DirectAccess blog post and was originally written when the use of ISATAP for the Manage Out scenario was fully supported by Microsoft. However, with the advent of Windows Server 2012, supportability for the use of ISATAP was specifically limited to a single server topology due…

Please Note: The approach provided within this blog post is not suitable when using an External Load Balancer (ELB) or a multisite DirectAccess topology; in those cases you will need to use a more traditional native IPv6 deployment where you define your own IPv6 prefixes, which are entered as part of the DirectAccess wizard configuration process. I…

A common administrator question when learning to troubleshoot DirectAccess client connectivity problems is: “How can you create a client-side diagnostic log which provides specific detail about the DirectAccess configuration, connectivity state and other relevant system information which can be used to isolate the exact problem/issue?” Depending on how far along the Windows evolutionary journey you…

Microsoft recently released a security advisory titled “Vulnerability in DirectAccess could allow security feature bypass”, which can be found here. As part of the associated security update KB2862152, which can be found here, a DirectAccess client enforces more checks in IPsec negotiation when using either certificate-based or Kerberos Proxy authentication methods. During IPsec negotiation, the…

With the impending release of Windows Server 2012 we will have our third iteration of the Microsoft DirectAccess solution. Life began with the DirectAccess feature coming to Windows in the first release of Windows Server 2008 R2 a few years ago now; it was then supercharged using Forefront UAG to offer a truly more achievable…

I thought it might be useful to provide a summary list of DirectAccess related hotfixes from the past and present that may be of use to those embarking on a DirectAccess deployment for the first time, or those experiencing problems that have been solved already! PLEASE NOTE: Microsoft have now provided an official dynamic knowledgebase…

I’ve discussed the concept of ‘Manage Out’ for Forefront UAG DirectAccess and also more recently for Windows Server 2012 DirectAccess; both of which can be a cause of pain when implementing and supporting a DirectAccess solution using either platform. One of my MCS colleagues in NYC, Colin Brown, has written an excellent troubleshooting guide which…